NTI: Global Security Newswire - U.S. General Reserves Right to Use Force, Even Nuclear, in Response to Cyber Attack U.S. General Reserves Right to Use Force, Even Nuclear, in Response to Cyber Attack Tuesday, May 12, 2009 By Elaine M. Grossman WASHINGTON -- The top U.S. commander for strategic combat said last week that the White House retains the option to respond with physical force -- potentially even using nuclear weapons -- if a foreign entity conducts a disabling cyber attack against U.S. computer networks (see GSN, Nov. 7, 2008). (May. 12) - U.S. Navy personnel monitor military computer networks in 2008. The head of U.S. Strategic Command said that the United States reserves the option to use military force, possibly even nuclear weapons, in response to a cyber attack (U.S. Navy photo). While a nuclear response appears highly unlikely, it might be counted among a full range of options offered to the president following a major computer attack, suggested Gen. Kevin Chilton, who heads U.S. Strategic Command. However, the general noted, it might be no easy task to identify with certainty the origin of a cyber strike. "I think you don't take any response options off the table from an attack on the United States of America," he told reporters during a Defense Writers Group breakfast on Thursday. "Why would we constrain ourselves on how we respond?" Hackers located in China are believed to have carried out a growing number of computer intrusions, most recently accessing large amounts of data on the Defense Department's $300 billion Joint Strike Fighter program, the Wall Street Journal reported last month. Earlier reported incidents include cyber break-ins of the U.S. electrical power grid, where suspected Chinese and Russian hackers left behind software that could be activated later to disrupt service. Should the breaches evolve into more serious computer attacks against the United States, Chilton said he could not rule out the possibility of a military salvo against a nation like China, even though Beijing has nuclear arms. He rejected the idea that such a conflict would necessarily risk going nuclear. "I don't think that's true," Chilton said. At the same time, the general insisted that all strike options, including nuclear, would remain available to the commander in chief in defending the nation from cyber strikes. "I think that's been our policy on any attack on the United States of America," Chilton said. "And I don't see any reason to treat cyber any differently. I mean, why would we tie the president's hands? I can't. It's up to the president to decide." "They call this 'calculated ambiguity,' but it's just stupid," said Jeffrey Lewis, who directs the Nuclear Strategy and Nonproliferation Initiative at the New America Foundation. Longtime U.S. policy discourages government leaders from either overtly threatening or ruling out the use of nuclear weapons, he explained in a Friday telephone interview. Sometimes the result is that policy-makers or military officials appear to leave open the possibility of a response drastically out of proportion to an adversary's action, Lewis said. Instead, he advocates alternatives such as declaring the purpose of nuclear weapons to be limited to defense against weapons of mass destruction, or calling atomic arms "weapons of last resort." At the same time, the potential gravity of cyber warfare should not be underestimated, some experts say. "I think it's important not to trivialize the impact of a cyber attack," said Eugene Fidell, a visiting lecturer on military law at Yale Law School and president of the National Institute of Military Justice. "From my perspective, it's not a complete answer to say let's blast a city because of what hackers did. But [what] if those ... hackers shut down the Northeast?" Chilton said international law would allow the United States, as a sovereign nation, as much a right to an armed self-defense following a cyber attack as it has in response to a physical salvo. "The Law of Armed Conflict will apply to this domain," the strategic commander said. "I guess I've not heard anybody argue back when I've said that." The reality is that international law is somewhat less clear, according to Gary Solis, who teaches the law of war at Georgetown Law School. "Any attack on another state -- be it on land, at sea, in the air or in the cyber domain -- constitutes an attack," he said. "But there is nothing in the Law of Armed Conflict that addresses cyber responses." The Law of Armed Conflict is actually not a single law but a collection of treaties and protocols widely understood to circumscribe actions in warfare. There is no single method of enforcing or adjudicating these norms, Solis noted. So it often falls to the international community to impose penalties such as trade embargoes or military action in response to perceived infractions. Solis said he does not regard what Chilton discussed -- the justification for using armed force -- as part of the Law of Armed Conflict, which focuses instead on acceptable conduct once engaged in war. For that reason, he took issue with Chilton's statement that the law condones a particular type of military response. "If there was an assertion that it was clear in the Law of Armed Conflict that an armed response is appropriate, I would not agree," Solis said. "The best you could do is operate by analogy." For example, one might point to historical precedent, rather than the writ of law, as a basis for action in response to a cyber attack, he said. "This is just too new and, for now at least, too unexamined to say straight up that an armed response is an appropriate response," Solis said.